Posted by Soulskill on Wednesday July 13, 2011 @05:11AM
from the you-are-the-one-neo dept.

An anonymous reader writes "Among the 22 security holes Microsoft issued updates to fix yesterday is a critical kernel-level Bluetooth flaw that could let nearby attackers break into vulnerable systems even when the targeted computer is not connected to a network. An attacker could use the bug to gain access to any unpatched, Bluetooth-enabled Windows Vista or Win7 computer within 100 meters (or much further with specialized tools), all before the target system even gets an alert that another computer is requesting a Bluetooth connection."

But considering that this leads to a complete OS compromise, that's pretty poor coding.

You literally only have to turn it on for a second and someone can root you without you knowing. You only have to witness someone pair with a device, or do a single Bluetooth transfer, and you can root them. And what are the implications for embedded versions of Windows in, say, phones?

A lot of people use Bluetooth; it's expected to be quite secure in terms of not rooting your computer (people being able to monitor and sniff your Bluetooth data is a different class of problem entirely, and puny in comparison). And like the article says, you probably have the faulty software installed already and only a single tap of that Bluetooth switch will make you vulnerable to automatic rooting, like a virus.

A virus that exploits this will potentially go quickly global and be hard to cleanse because you literally may not even notice that you've been infected and switching on Bluetooth for a split second to send a file to your phone, answer your parent's Skype on a headset, etc. isn't generally considered an infection route.

I agree in that I have BT turned off on everything I own and set to hidden by default but it would be scary if I were using one of the vulnerable systems. That's the sort of thing that will still be catching people out five years from now and it's probably only the first of many such problems. Now before you can put a PC on the net, you need to make sure you've never enabled Bluetooth while Windows was executing until you've got it to the latest patch level.

No need to worry. Reports around the web contradict this article; all say it's extremely unlikely that an attacker could gain access to your machine using this vulnerability. You're more likely to get blue-screened.

What's more, you'd have to be sharing your Bluetooth ID AND the attacker would have to be within range of your signal.

Many laptops, for example, share their Bluetooth ID by default, and Joe User won't be aware of it or even know why it matters.

Secondly, Internet cafes, libraries, trains, etc. are all places where people often whip out their laptops. And if you happen to be living in flats you most likely ARE within range of at least a few of your neighbours' devices. At least I often see 4-8 Bluetooth devices that aren't mine; they're usually from the apartments above and below.

That's the opposite of what TFA said. In order to gain access the target computer needs some sort of (unspecified by TFA) memory corruption. My guess is you would need another flaw in conjunction with this (paired flaws?) to make it work.

I agree in that I have BT turned off on everything I own and set to hidden by default

I bought a tiny bluetooth dongle for the computer so I can bluetooth pictures and such from my phone to my computer. I keep blue

I had an Acer Aspire One (actually two of them, someone broke into my house and took the first one, then it happened again with the second one), and its built-in wifi worked flawlessly out of the box in both Windows and Linux, with WPA-2 security as its default in both OSes. I had an ancient Thinkpad I paid twenty bucks for (HD and battery were shot, used a thumb drive as a HD replacement), I never could get that sucker to network at all, even with a cable.

It's nice living in a small city in the midwest. Cheap shit (e.g. Evan Williams) is usually about $1.75, better whiskey (e.g. Crown) usually about $5. Cabo or Petron is usually a $5 shot, Joe Crow (Jose Cuervas) $1.75-2.00.

Downtown bars are a little more expensive, $3 bottles of beer instead of $2.25-2.50 bottles.

But what is a laptop good for? You can get two desktops, each with better performance, for the price of one laptop -- and you don't have to deal with a fiddly keyboard that makes your hands hurt after 15 minutes, a narrow strip of a screen (seemingly no new laptops have 4x3 displays...), several times as big hardware failure rate, and so on.

For when I'm on the go, I have a non-toy smartphone. Runs a compiler, shell, perl, Postgres -- both client and a server, browser, etc. The keyboard is even more fiddl

No, you will need more than a standard Bluetooth dongle to sniff packets from the air. The BlueZ hcidump program only dumps packets passing through the host OS stack (to or from the host), and the controller cannot be set to 'promiscuous' mode like a wifi radio can.

"If your system were 'discoverable,' it would respond to attacker SDP queries with its Bluetooth address. But in the default state, an attacker must obtain your Bluetooth address another way – either via bruteforcing it or extracting it from Bluetooth traffic captured over-the-air."

"you have paired a Bluetooth peripheral and are actively communicating, it is hard but not impossible to extract the Bluetooth address from the traffic sent over-the-a

Yeah, there are ways of protecting the user. WHICH IS WHY THEY PATCHED THE HOLE. This isn't an unpatched vulnerability. The title even notes that this vulnerability was patched. They found the hole. They patched the hole. No more hole. No more trench. No blaming the user.

The only way a user would be vulnerable to this, is if they never updated. At which point, hell yeah, blame the user.

The answer is of course zero, and the question is of course meaningless. The meaningful question is how many unpatched vulns, and unpatched for how long? Windows fails against all other OSes in these metrics, IINM.

Adobe and Macromedia took away Microsoft's "king of the exploited software" crown long ago. Microsoft has come a long way in the last ten years when it comes to security, but they still have a long way to go.

Adobe and Macromedia have the 2001 Microsoft mindset. As to Macromedia, I seriously doubt they'll ever take security seriously -- or even understand it, considering they got their start copy-protecting VHS tapes. I have old tapes that were copied from Macromedia copy protected tapes that play fine, but

Let's see, one OS you have the source code to look for vulnerabilities, one you don't. I assure you that people DO look for vulns in Linux, especially those who use it for their file and web servers. The only folks looking for vulns in Windows are black hats looking for virus vectors, and white hats fighting the black hats.

What's that saying about Many Eyes? [google.com] (PDF from Wash U, "Many Eyes Hypothesis") Wait, now I remember -- Linus' Law [wikipedia.org].

Linus's Law is a claim about software development, named in honor of Linus

The point is that nobody should tell you or me what we must do. There are some security best practices, but if you know what you're doing (and it seems you do), you evaluated the tradeoffs and you can do whatever you want. Actually your setup looks pretty useful even if I don't trust the security of anything wireless, not even at my home. Cables are great things :)

The vulnerability could allow remote code execution if an attacker sent a series of specially crafted Bluetooth packets to an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Almost remote full admin access. Seriously, how much worse can it get? Guess you're still safe from Internet attacks, but still.

Anyone found a page on the exploit? You can do the entire list of immature things to other people's computers, to all your friends with Bluetooth, with this one.

Some will have chosen to delay restarting just for an update, but I guess since it's a service pack, things running better will be expected. I would expect a small window for a few. I guess it's not clear, but the last sentence was sensationalist. The casual nature of the post should have given some indication of it.

Apart from it being a little difficult for the Russians to access it, at least for primary infection, this is a pretty bad exploit; I can't remember worse for a while. Must have been a window for the FBI to ga

I noticed newer OSes of Linux/Debian, Windows, Mac OS X, etc. have Bluetooth features. I wished I could yank them out since I don't have any Bluetooth devices or plan to. Why keep the bloats and possible security holes?

That won't necessarily help much, actually -- libbluetooth is just the userspace component, the kernel drivers will probably still be initializing the hardware. You'd be better off disabling kernel support: blacklist the kernel modules [wikipedia.org] for your hardware. Then you don't need to remove random packages, they just won't have anything to talk to in the kernel and will remain harmless and inert.
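As an added example of the kernel-side approach in the comment above (this is not code from the thread or from any project), here is a small POSIX shell script that generates the modprobe drop-in and checks a /proc/modules-style listing for the Bluetooth stack. The module names (bluetooth, btusb, bnep, rfcomm, hidp), the drop-in path, and the function names are assumptions for illustration; compare them against what lsmod prints on your own hardware.

```shell
#!/bin/sh
# Added example (not from the thread): generate a modprobe(8) drop-in
# that keeps the Linux Bluetooth stack from loading, and check a
# /proc/modules-style listing for it.  The module names are the usual
# ones for a USB adapter and are an assumption; compare with `lsmod`.

BT_MODULES="bluetooth btusb bnep rfcomm hidp"

# Print the contents for /etc/modprobe.d/blacklist-bluetooth.conf.
# 'blacklist' only suppresses autoloading by hardware alias; an explicit
# 'modprobe bluetooth' (e.g. from bluetoothd) or a dependency pull from
# another module still succeeds.  'install <mod> /bin/false' makes any
# modprobe of that name fail, which is what actually keeps the driver out.
bt_blacklist_conf() {
    echo "# Disable the Bluetooth stack: no driver, no radio, no attack surface."
    for m in $BT_MODULES; do
        echo "blacklist $m"
        echo "install $m /bin/false"
    done
}

# Report Bluetooth modules present in a /proc/modules listing ($1).
# Prints each name found on its own line; returns 0 if any are loaded,
# 1 if the stack is absent.
bt_modules_loaded() {
    found=0
    for m in $BT_MODULES; do
        # /proc/modules lines start with "<name> <size> <refcount> ..."
        if grep -q "^$m " "$1"; then
            echo "$m"
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# Demo on a constructed listing (not captured from a real host).
demo() {
    sample=$(mktemp)
    printf '%s\n' \
        'btusb 45056 0 - Live 0xffffffffc0a10000' \
        'bluetooth 520192 2 btusb, Live 0xffffffffc0900000' \
        'ext4 700000 1 - Live 0xffffffffc0500000' > "$sample"
    echo "--- drop-in to write to /etc/modprobe.d/blacklist-bluetooth.conf ---"
    bt_blacklist_conf
    echo "--- Bluetooth modules in the sample listing ---"
    if bt_modules_loaded "$sample"; then
        echo "stack loaded: rmmod the above (or reboot) after installing the drop-in"
    else
        echo "stack not loaded"
    fi
    rm -f "$sample"
}

demo
```

Writing the drop-in only affects future loads; a stack that is already up has to be unloaded (rmmod in reverse dependency order) or the machine rebooted. On a real host, run bt_modules_loaded against /proc/modules itself rather than the constructed sample.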

Bluetooth has always been a known attack vector. I remember one that affected symbian phones for example. I used to get the odd file transfer request on my phone from other people who were infected. I think this might have been it.. http://www.f-secure.com/v-descs/cabir.shtml [f-secure.com]

Because 7 has features XP doesn't. Like support for the TRIM command for SSDs. Like an audio mixer that lets you set different volumes for each application, instead of each hardware output, which is floating point from the ground up. Like desktop rendering that is accelerated by your GPU. Like UAC. Like Aero Snap. Etc.
It's not like Windows 7 is just a facelift on Windows XP. There are differences that aren't even hard to find.

Most of the public could do all that on their phone. Most of the public don't particularly "need" computers.
Seriously, when the hell did "computers should only do exactly what people need them to do the day they buy them and anything else is a waste" become such a fashionable sentiment?

Most of the public doesn't use SSDs, doesn't need volume for each application nor does it need GPU accelerated rendering.

I'll give you the SSDs. GPU acceleration is not critical but still a nice-to-have even for the average Joe. Sound per application? This is a lot less esoteric than you'd expect -- all it takes is trying to Skype someone while you have ANY other application open and you'll see why you want that. Not sure how much use it gets by most people, but I like Aero Snap enough that I installed BetterTouchTool on my Mac just to get that one feature.

GPU acceleration goes beyond that, and has its uses for the average Joe. In the old days, each application would have to write onto an off-screen buffer, then the CPU would have to work out which ones are in front of each other, then finally copy onto the screen. Although older graphics chipsets could help (via BITBLT, Bit Move, etc.), when you have things such as transparency, it gets pretty hairy for the CPU to process.

By offloading the entire window management onto the GPU, means the 3d capa

Because 7 has features XP doesn't. Like support for the TRIM command for SSDs. Like an audio mixer that lets you set different volumes for each application, instead of each hardware output, which is floating point from the ground up. Like desktop rendering that is accelerated by your GPU. Like UAC. Like Aero Snap. Etc.
It's not like Windows 7 is just a facelift on Windows XP. There are differences that aren't even hard to find.

Not trolling, but why does an Operating System care about being "Floating Point"?

Not to mention the ability to quickly recover from a graphics driver crash. It's absolutely amazing when you see it happen. "Oh, my GPU crashed, the screen went black. And... it's back already, and it didn't even affect the game I was playing."

Seeing as I've never had a graphics driver crash in the last four updates of the nVidia driver that I'm using (going back - what - five years on this particular chip) - and haven't witnessed (or had reported) one in work either on several hundred machines - that's not a big selling point.

"Hey, when random programs crash we can carry on!" is pretty much what I expect of an OS, anyway, and the damn things shouldn't be crashing in the first place.

Well, I think it's pretty cool that the kernel can not only recover when random userspace programs crash, but also recover when those programs are third-party graphics drivers running in kernel space. And recover quickly, without taking anything else out.

It is not as if you are not told that the crash has occurred. You are told immediately after automatic recovery. Messages also appear in the event log. That's much more helpful than going to a blank screen with the keyboard unresponsive, killing all applic

You've never used an ATI card then. The damn drivers crash if you even think about doing something, and yes, I've got an ATI card (4200 onboard, 5670 dedicated) and still see the damn thing puke for no reason. It's getting better with the feedback from the OSS devs, but it's still a bit fragile.

Like an audio mixer that lets you set different volumes for each application, instead of each hardware output

I guess I will post on this one too. Turns out that audio mixer adds significant audio latency. Google it! The separate volume controls are nice, for the once in a million times I'm listening to music and watching YouTube videos, but it's a real deal breaker for people that want low latency audio.

At which point you set your application to use WASAPI in exclusive mode, and get all the low latency you want. A hell of a lot lower than WDM offers in Windows XP.
Or you use ASIO.
Or whatever. I mean, you probably don't need low latency from EVERY application, so it's not exactly borked is it?
After all, Microsoft worked with companies like Cakewalk when they were designing their new audio stack back in the Vista days. Which is why there IS low latency support in the stack, and why there are less audio

Is there another operating system that has per-application volume faders and a fully floating point audio path? Because I haven't seen any other OS that does... and I find that incredibly useful on a daily basis...

Do all applications use PulseAudio though? The Windows 7 model is backwards compatible through to well... I haven't seen an application that doesn't get its own fader no matter what audio model it uses, at which point the audio stream (even if the application generates an integer stream) is converted to floating point, so that the volume sliders aren't nearly as lossy as they would be if they were dealing with integer-based audio... and then mixed in floating point... and then converted to whatever form

I haven't seen an application that doesn't get its own fader no matter what audio model it uses

An app can request/get exclusive access to the audio card, and bypass everything including the volume control. But that's only used by audio authoring software.

My favorite Win7 audio feature in any case is the ability to redirect live audio. I can now watch a movie and while it's playing switch the audio to/from my headphones painlessly (earlier I would have to restart the movie, and sometimes the whole app). I don't have headphone jacks I can easily reach, so it saves me a bit of trouble.

Depends on what kind of audio card you have. Some support two audio streams, some do not. If you have the same Realtek chip I got, then just set it to use separate audio streams for front/back panel; alternatively, you can also simply have two audio cards.

Then just right click the little speaker icon, select playback devices and change default. Any app that plays to the default playback device will then change to play to the new target.

I love that it works across sound devices. Example: playing Pandora on the laptop speakers, turn on my Bluetooth headphones (which are set to be primary audio when connected) and it is a seamless switch. The on-board speaker goes dead and music is in the headphones; turn them off and it easily auto-switches back.

Moving the live audio to other devices is a very nice feature for me.

Not only that, because Windows 7 deals with communication vs. regular audio separately in terms of devices, you can set up a headset to be the default communication input/output when connected, and that will just fall back to the default in/out when not connected - so for instance, when someone calls you on skype and you're just browsing the web or something, and you're too lazy to put on your headset - why bother, all is quiet, not too much audio interference - then you hear the other person through your s

And I would find that a complete waste of investment, personally. I don't have any problems with per-application faders (if you have more than one program playing sound simultaneously, of course it will sound a mess, and if you have that you can adjust those programs - a volume control is an almost universal widget on anything that plays audio) and certainly wouldn't ever use them.

If something is playing sound, it's because I need to hear it. I haven't touched the volume control panel in YEARS on this mac

Seriously, I don't adjust volumes in games (except to turn off music on some of them). Everything is at "max". And then I use either the master volume *in WINDOWS* (usually via some hotkey on laptops) or the speaker volume itself to bring it down to a decent level. I don't need the games to have volume settings, either internally or via some Windows hack, at all. It all "just works" and has since Windows 3.1! It's honestly not a problem that I, or anyone I support, has e

Windows still has the global volume setting as well. If you don't need the per-app volume settings, that's fine.

Having said that, there is one *other* thing this fixes: An app can no longer directly change the system's audio volume. Instead, it changes its own volume slider. This is a nice change for those of us who don't keep the Windows and app volumes cranked to 100%, but the app insists on cranking its up to 100%.

FreeBSD has had per-application volume controls for a while. It uses fixed-point arithmetic for the audio path, because that gives lower latency. Unless your source is floating point and your audio device supports floating point samples, then having a floating point audio path just involves translating from integer to float and back again, which isn't such a great selling point. And, yes, it is backwards compatible. Any application using the OSS 3 or 4 APIs (also supported on most other *NIX variants) g

Is there another operating system that has per-application volume faders and a fully floating point audio path? Because I haven't seen any other OS that does... and I find that incredibly useful on a daily basis...

Don't know about the floating point thing, but OS X has per-application volumes; just not all in one place (which I will admit has always annoyed me).

I don't think you understand what is being spoken of here. Yes, individual APPS may have their own volume controls (such as iTunes/Media Player/Flash players/VLC); this is the app itself generating the sound at different volumes.

What Windows 7 (and i think Vista too) has is each application that plays sounds play to a "pipe" that is only associated with it. There is a system mixer that then mixes each pipe after applying a volume to it to a master pipe that is sent to the Audio Hardware. (Some audio hardware does

Whereas with Windows XP you get none of those things.
And frankly, Pulseaudio tries to be Windows 7/Vista audio. Pulseaudio came out in what, 2008/2009? Whereas Vista was available in 2006, and betas were available before then...

The point, though, is that you don't have that problem with Linux at all. Update the os? Download and install. Old programs seldom stop working unless there's a major revision to the kernel or libraries, when that happens just download and install a newer version of the software or a compatible replacement. There are usually a dozen or more programs with similar functionalities for most stuff you'd need.

If you're a Gamer, though, you're going to need the latest hardware and the latest Windows OS. Your best

Sounds like a pretty usual hotfix scenario to me. Then they'll hotfix the hotfix, and hotfix the hotfix to the hotfix, then they'll service pack it and bundle it with a dozen other things that fix that problem and introduce ten more.

As always - don't have Windows Update turned on by default unless you really do have proper (byte-level) backups of the computer that are up-to-date.

I've yet to take a batch of computers through a Service Pack without at least one of them hitting blue-screens or reboot loops an